Welcome to PDPL Compliance Tool

Your complete solution for achieving and maintaining compliance with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection.

What Is This Tool?

This is a comprehensive compliance management platform built for UAE-based organisations. It helps you:

  • Understand which PDPL articles apply to your business
  • Identify gaps in your current data protection practices
  • Generate PDPL-compliant policies and documents
  • Manage Data Subject Access Requests (DSARs) within the 30-day deadline
  • Track data breaches and meet the 72-hour notification requirement
  • Record and manage consent from data subjects
  • Document Records of Processing Activities (ROPA)
  • Manage third-party data processors and Data Processing Agreements

Not Legal Advice

This tool provides guidance only. Always consult qualified legal counsel for PDPL compliance matters.

How PDPL Compliance Works — The Big Picture

This diagram shows how personal data flows through your organisation and where PDPL rules apply at each step.

YOUR CUSTOMERS / DATA SUBJECTS
Give consent & provide their personal data

YOUR COMPANY (Data Controller)
Decides why and how customer data is collected, stored, and used

WHO IN YOUR COMPANY HANDLES THIS?
  • DPO (Data Protection Officer): Owns compliance, trains staff, monitors all data activities
  • IT & Security Team: Implements security measures (encryption, access controls, breach detection & response)
  • Legal / Compliance: Drafts policies & privacy notices, manages DSARs and consent, handles breach notifications
  • Senior Management: Provides budget & authority, approves compliance decisions, signs off on DPO appointment

WHERE DOES THE DATA GO?
  • YOUR SYSTEMS & DATABASES: Customer data stored, processed, and used for your business operations
  • Shares data with THIRD-PARTY DATA PROCESSOR: e.g. Cloud provider, payroll company, email marketing service, analytics tool
  • REQUIRED: Data Processing Agreement (DPA). Must specify what data, how, and for how long

PEOPLE HAVE RIGHTS OVER THEIR DATA
  • DATA SUBJECT RIGHTS: Access (30 days) • Correction • Deletion • Portability • Objection • Restriction
  • CONSENT MANAGEMENT: Record who said yes, to what, and when. Must make withdrawal as easy as giving consent
  • DATA BREACH: Notify UAE Data Office within 72 HOURS. Notify affected people if high risk

WHO ENFORCES PDPL?
UAE DATA OFFICE — The Federal Regulator (report breach here)

WHAT HAPPENS IF YOU DON'T COMPLY?
  • FINANCIAL PENALTIES: Up to AED 20 MILLION for serious violations
  • OTHER CONSEQUENCES: Reputational damage • Loss of customer trust

THIS TOOL HELPS YOU MANAGE ALL OF THE ABOVE

Key Roles Summary
  • Data Controller (Your Company) — Decides why and how to process data. Legally responsible for compliance.
  • Data Processor (Third Party) — Handles data on your behalf (cloud, payroll, email). You need a DPA with them.
  • DPO — The person in your company who ensures PDPL rules are followed. Can be internal or external.
  • Data Subject (Customer) — The person whose data you process. They have 8 rights under PDPL.
  • UAE Data Office — The government regulator that enforces PDPL and issues penalties.

Critical Deadlines
  • 72 hours — to notify the UAE Data Office of a data breach
  • 30 calendar days — to respond to a Data Subject Access Request (DSAR)
  • Without undue delay — to notify affected individuals if a breach creates high risk
  • At any time — data subjects can withdraw consent, object, or request deletion
  • Ongoing — maintain ROPA, conduct DPIAs, review policies regularly

How to Use This Tool — Step by Step

1. Set Up Your Company

Go to Company Settings (top-right dropdown) and fill in your organisation details — size, sector, emirate, and data processing scope.

2. Run a Self-Assessment

Navigate to Assessments and start a new self-assessment. Answer PDPL-related questions to evaluate your current compliance posture.

3. Review Compliance Overview

Visit Compliance to see your compliance score, risk level, and a breakdown by PDPL article category.

4. Address Gaps

Use the Gap Analysis page (under Compliance) to identify specific PDPL articles where your organisation falls short, then assign tasks.

5. Generate Policies

Go to Policies to create PDPL-compliant documents — privacy policies, consent forms, DPA templates, and data retention schedules.

6. Monitor & Maintain

Use DSAR for data subject requests, Audit for activity logs and evidence, and revisit the Dashboard regularly to track your score.

Quick Reference: What Each Section Does

| Section | Purpose | Start With |
|---|---|---|
| Dashboard | Your compliance score, risk level, recent activity, and upcoming deadlines — all in one place. | Visit first after setup |
| Compliance | Article-by-article breakdown of your compliance status, gap analysis, and task management. | After running an assessment |
| Assessments | Create and complete PDPL self-assessments to evaluate your data protection practices. | Step 2 — start here |
| DSAR | Manage Data Subject Access Requests, consent records, and data breach notifications. | As requests come in |
| Policies | Generate and manage PDPL-compliant policies, plus track third-party data processors. | After gap analysis |
| Audit | View activity logs, manage evidence, schedule audits, and track data retention. | Ongoing — log as you go |

What You'll Get Out of This Tool
  • A clear, measurable compliance score that improves over time
  • Automated gap identification mapped to specific PDPL articles
  • Pre-built policy templates that meet UAE PDPL requirements
  • A defensible audit trail of all compliance activities
  • Confidence that you can respond to DSARs within the legal 30-day window
  • A centralised record of all data processing activities across your organisation